Suspicious Behavious excel.exe buffer overflow.

We have client version 10.6 and still getting this same error.  Not sure to do with this alert.

We have client version 10.6 and still getting this same error.  Not sure to do with this alert.

We have also seen one incidence of this error, on Excel 2010 version 14.0.7179.5000, Sophos version 10.6.4 VE3.67.3 and Windows 7 Pro with SP1 and updates.

Does it happen because of a malicious spreadsheet, or is it an Excel patch that is missing from the PC?

Dan Jackson (Lead ITServices Technician)

Long Road Sixth Form College

Cambridge, UK

We have seen this on one endpoint this week. 

Microsoft Excel 2013 15.0.4989.1000 32bit on a 64bit Win7 Pro SP1 patched system. Sophos AV 10.7.2 VE3.69.2

"Suspicious behavior Threat type not cleanable Buffer Overflow C:\Program Files (x86)\Microsoft Office 2013\Office15\EXCEL.EXE"

I spoke to the person who uses this machine and they stated they had not used Excel.

Any further info on this?

I have not seen it flagged on any other endpoint (35 systems).

Cheers!

I have also seen it affect Outlook with Sophos Version 10.7

User on a Win7 64bit

C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE

Threat type  - Suspicious behavior

Threat Name - Buffer Overflow

Action Taken - Blocked

This is exactly the message I have seen on some of our VMs in the last few days.
Is this possibly connected with Spectre/Meltdown or is there really something going on?